Many threat actors have leveraged free tunnel services and web hosting providers to host their phishing content for the longest time. And based on the latest findings of iZOOlogic’s cybersecurity researchers, threat actors are found to have been abusing the web hosting provider Hostinger for phishing attacks.
Hostinger is an internet domain registrar and web hosting provider based in Lithuania and one of the fastest-growing web hosting firms in Europe. With a plan that starts from as low as $1.39 per month, Hostinger stands as a good deal for clients who want to establish their own website.
Aside from the paid plans, clients can also opt for the free web hosting plan of Hostinger that includes many benefits, such as one free website, 300MB HDD storage, a 3GB bandwidth limit, and more. Even though the free web hosting plan of Hostinger offers a great deal for clients, its limitations can also be a trouble for those who opt for it, including having no email account, no free domain, no free SSL, no 24/7/365 customer support, and more.
Despite the massive growth of Hostinger among clients, it was also one of the many web hosting providers exploited by threat actors in hosting their fraudulent websites to perform phishing attacks.
Hostinger offers various top domain extensions for clients to choose from, such as [.]com, [.]online, and [.]net, which threat actors can also leverage to make their fraudulent website look authentic to their targets.
In 2015, experts discovered Hostinger to have hosted more than 90% of phishing sites in Steam – a popular video game digital distribution service. According to security analysts, free web hosting providers like Hostinger are attractive targets for threat actors for their phishing activities since they can avoid leaving financial trails. Moreover, Hostinger does not display ads on website interfaces, even on the free plan, which is advantageous for threat actors to host fraudulent web pages.
The web hosting provider has teamed up with an anti-fraud security firm in 2017 to combat the threats of being exploited to phishing activities. As stated by Hostinger in a blog post, their partnership with a fraud detection solutions firm is a hopeful attempt to lessen phishing and fraudulent activities within their platform by up to 95% or reach a fraud-free environment for their clients in the future.
It is vital for website owners, such as firms and organisations, to be cautious regarding online fraud threats. iZOOlogic’s security experts urge everyone to learn more about common phishing attack tactics and apply steps to protect themselves against being victimised by malicious activities posed by threat actors in the online landscape.
